Failsafe firmware upgrade for cloud-managed devices

What is claimed is: 1. A method comprising: receiving a first transmission signal, via a secondary port of a device management system of a cloud-managed network, from a device, wherein the first transmission signal comprises a first request of the device to connect to the cloud-managed network and an indication of whether a firmware of the device is outdated, and wherein the indication of whether the firmware of the device is outdated comprises a firmware version of the device; determining, at the device management system, whether the device is incompatible with the cloud-managed network, wherein the determining comprises comparing the firmware version of the device with a predefined firmware version of the device; in response to determining the device is incompatible with the cloud-managed network based on the indication, re-directing the device to a predefined Internet address to provide a firmware upgrade and security credentials for the device; receiving, from the device via the secondary port of the device management system, a second transmission signal after the re-directing and upgrading of the firmware of the device, wherein the second transmission signal comprises a second request to connect to the cloud-managed network; and in response to authentication of the device management system by the device, instructing, by the device management system, the device to connect via a primary port of the device management system to the cloud-managed network. 2. The method of claim 1 , wherein comparing the firmware version of the device with the predefined firmware version of the device determines whether the firmware version of the device is outdated. 3. The method of claim 1 , wherein the device being incompatible further comprises that the device lacks updated security credentials for authenticating the device management system. 4. The method of claim 3 , wherein determining that the device is incompatible is further based on a failure of the device to authenticate the device management system. 5. The method of claim 3 , wherein the device performs the upgrading of the firmware and implements the updated security credentials after validating a firmware upgrade image, wherein the upgrading of the firmware of the device upgrades, using the firmware upgrade image to a version newer than an existing version of the firmware of the device. 6. The method of claim 3 , further comprising: connecting the device via the primary port to the cloud-managed network. 7. The method of claim 1 , wherein re-directing the device to the predefined Internet address comprises sending a message from the secondary port to the device. 8. The method of claim 1 , wherein the device is one of an access point, a router, or an Ethernet switch. 9. The method of claim 1 , wherein instructing the device to connect via the primary port to the cloud-managed network is in response to authentication of the device management system by the device at the secondary port. 10. The method of claim 1 , further comprising: receiving, at the device management system from the device, the security credentials obtained by the device from the predefined Internet address; and authorizing, by the device management system using the security credentials, a connection of the device via the primary port of the device management system. 11. The method of claim 1 , wherein the primary port is separate from the secondary port. 12. A method comprising: transmitting, from an access point, a first transmission signal to a secondary port of a device management system of a cloud-managed network, wherein the first transmission signal comprises a first request of the access point to connect to the cloud-managed network and an indication whether a firmware of the access point is outdated, and wherein the indication of whether the firmware of the access point is outdated comprises a firmware version of the access point; in response to the access point being incompatible with the cloud-managed network based on a determination at the device management system that comprises comparing the firmware version of the access point with a predefined firmware version of the access point, receiving, at the access point, a re-direction instruction from the cloud-managed network to redirect the access point to a predefined Internet address to obtain a firmware upgrade and security credentials for the access point; in response to performing the firmware upgrade of the access point, transmitting, from the access point to the secondary port of the device management system, a second transmission signal that comprises a second request to connect to the cloud-managed network; and in response to authentication of the device management system by the access point based on the firmware upgrade and security credentials, receiving, at the access point, an instruction from the secondary port to connect via a primary port of the device management system, wherein the primary port is separate from the secondary port. 13. The method of claim 12 , wherein comparing the firmware version of the access point with the predefined firmware version of the access point determines whether the firmware version of the access point is outdated. 14. The method of claim 12 , wherein the re-direction instruction is from the secondary port of the device management system. 15. The method of claim 12 , wherein determining that the access point is incompatible is further based on a failure of the access point to authenticate the device management system. 16. The method of claim 15 , further comprising: validating the firmware upgrade image before upgrading the firmware at the access point using the firmware upgrade image. 17. A non-transitory machine-readable storage medium comprising instructions that upon execution cause a device management system to: receive a first transmission signal, via a secondary port of the device management system, from an access point, wherein the first transmission signal comprises a first request of the access point to connect to a cloud-managed network via the device management system and a firmware version of a firmware of the access point; determining, at the device management system, whether the access point is outdated, wherein the determining comprises comparing the firmware version of the access point with a predefined firmware version of the access point; in response to determining the access point lacks updated security credentials to connect to the cloud-managed network and determining that the firmware of the access point is outdated by comparing the firmware version of the access point with the predefined firmware version of the access point, re-direct the access point to a predefined Internet address to retrieve the updated security credentials for the access point and a firmware upgrade for the access point; receive, from the access point via the secondary port of the device management system, a second transmission signal after the re-directing and upgrading of the firmware of the access point, wherein the second transmission signal comprises a second request to connect to the cloud-managed network; and in response to authentication of the device management system by the access point, instruct the access point to connect via a primary port of the device management system to the cloud-managed network, wherein the primary port is separate from the secondary port. 18. The non-transitory machine-readable storage medium of claim 17 , wherein determining that the access point lacks the updated security credentials is based on